A Look at Blue Lane VirtualShield

We put Blue Lane VirtualShield to the test and found its unique patching approach an effective way to protect against remotely exploitable vulnerabilities targeting VMware.

In many ways, security in a virtualized environment IS no different from security in the real world: You plan for defense-in-depth with host-based and network-access controls, and set security systems to monitor traffic where appropriate. For added protection, there are a few security "virtual appliances" available at VMware's Virtual Appliance Marketplace. We decided to test one, Blue Lane Technologies' VirtualShield, in our University of Florida Real-World Labs®.

According to its billing, VirtualShield removes malicious content from network traffic before it reaches your virtual servers, a technique the company calls "inline patching." This guards against new vulnerabilities, often well before vendors release fixes, and lets IT safely run legacy apps for which patches may no longer be issued.

At press time, VirtualShield was one of just two virtual appliances (VAs) we've seen intended to protect virtual machines (VMs) running under VMware. The other, Reflex Security's VSA, is an IPS (intrusion-prevention system) that runs in ESX and protects virtual servers. Blue Lane distinguishes itself by taking the approach of patching network traffic, rather than just blocking the evil stuff.

Although still new and needing some polish, VirtualShield is innovative and well-executed. The core functionality works as advertised, and Blue Lane, a four-year-old pre-IPO start-up, seems committed to refining its technology. The company's willingness to rapidly correct problems discovered during our tests makes us feel very comfortable recommending VirtualShield, especially since the product brings the capability of Blue Lane's two-year-old PatchPoint appliance inside VMware ESX server at an attractive price: $599 per year for a dual-processor server, compared with a $7,500 cost of entry for Blue Lane's physical appliance.

Strategic Security: Risk Assessment You can't build effective security policies without involving non-IT business stakeholders. Here's how to get them to help you assess and address those threats.

NWC ANALYTICSHost Intrusion PreventionHow does Host IPS compare with conventional antivirus solutions? What's the difference between network IPS and host IPS? We answer these questions and more in this Tech Report based on an exclusive survey of enterprise users and in-depth lab analysis.

Keep Your Guard Up

Moving to a virtualized environment doesn't put conventional security measures out of business; however, a few factors are worth considering. First, you can't always deploy a tap or span port on virtualized systems, as you can on conventional devices. Fortunately, IT can use VMware's ability to create vSwitches to its advantage--by putting security right next to virtual server instances, you decrease the perimeter that must be protected.

The main thing to remember: Don't treat a large virtualized infrastructure as a network black box. Security systems must be able to look inside the virtual infrastructure. If it's treated as one solid "box," or system, you might find that an attacker who compromises one VM has a large sandbox in which to play.

Fast Fixes

We were intrigued by the concept of inline patching. When a vendor releases a patch to an OS or application that VirtualShield protects, Blue Lane tears apart and analyzes the patch, deciphering exactly how it changes the OS's behavior to eliminate a vulnerability. The company promises to produce an inline version in less than 24 hours for critical patches and in no more than 72 hours after the original is released for lower-priority patches.